3.6 Ports Used by ZENworks Components

ZENworks Configuration Management uses a number of ports to communicate, based on specific functions and features. These ports must be considered when building the design of the infrastructure because they need to be open on firewalls if services reside behind them.

The following table outlines the ports that are used by ZENworks Configuration Management, and gives a description of what services use them, and why. This information should be shared early in the design phase, and should be reviewed by the network services teams.

Table 3-3 ZENworks Configuration Management Ports

| Port | Description |
| --- | --- |
| HTTP (TCP 80) | Stateful. Primary Server and Satellite devices. Used to transmit content between the Primary Server or Satellite devices and managed devices. Primary Server downloads patch license related information and checksum data over HTTPS (port 443), and the actual patch content files over HTTP (port 80). ZENworks Patch Management license information is obtained from the Lumension licensing server; the patch content and checksum data are retrieved from an Akamai-hosted content distribution network (novell.cdn.lumension.com). You must ensure that the firewall rules allow outbound connections to these addresses because the patch content distribution network is a large fault-tolerant network of cache servers. |
| HTTPS (TCP 443) | Stateful. Open on the Primary Server. Used to transmit configuration metadata, authentication credentials, and tokens between the Primary Server and managed devices. Used for Tomcat secure port. It is also used by default to download system updates from NCC and to download Product Recognition Update (PRU). Primary Server downloads patch license related information and checksum data over HTTPS (port 443), and the actual patch content files over HTTP (port 80). ZENworks Patch Management license information is obtained from the Lumension licensing server; the patch content and checksum data are retrieved from an Akamai-hosted content distribution network (novell.cdn.lumension.com). You must ensure that the firewall rules allow outbound connections to these addresses because the patch content distribution network is a large fault-tolerant network of cache servers. |
| CASA (TCP 2645) | Stateful. Open on the Primary Server. Used to transmit authentication credentials and tokens between the Primary Server and managed devices when the Tomcat server listening on port 443 is busy. |
| LDAP / LDAPS (TCP 389 / TCP 636) | Stateful. Open on the Directory Server. Used to transmit directory information between the Primary Server and Directory Server (Novell eDirectory or Microsoft Active Directory). |
| Sybase (TCP 2638) | Stateful. Open on the Database Server. Used for JDBC communication between Primary Servers and an internal or external Sybase database. |
| SQL (TCP 1433) | Stateful. Open on the Database Server. Used for JDBC communication between Primary Servers and an internal or external Microsoft SQL Server database. |
| Oracle (TCP 1521) | Stateful. Open on the Database Server. Used for JDBC communication between Primary Servers and an internal or external Oracle database. |
| Imaging (TCP 998) | Stateful. Open on the Primary Server and imaging Satellite devices. Used to transmit images and requests for work to do between the Primary Server and machines being imaged. |
| Proxy DHCP (UDP 67 / UDP 4011) | Open on the Primary Server and imaging Satellite devices. Used to answer DHCP requests for PXE information. The standard DHCP port (67) is used if the server is not also a DHCP server; otherwise, the BINL port (4011) should be used. |
| TFTP (UDP 69) | Open on the Primary Server and imaging Satellite devices. Used to send and receive TFTP data for PXE devices. |
| ZMGPreboot (UDP 13331) | Open on the Primary Server and imaging Satellite devices. Allows PXE devices to communicate with the PBServ service to determine work to do. Required because the TCP stack now exists in the PXE environment. |
| ZENworks VNC (5950) | Open on the managed device. Allows remote control and other remote operations to be performed. Communication is between the managed device and the Administration Console. |
| ZENworks VNC Request (5550) | Open on the Administration Console. Allows remote management requests to be sent by managed devices. Communication is between the Administration Console and the managed device. |
| Windows File and Print Sharing / CIFS (137-139) | Communication is between the Primary Server and the managed device or the WinProxy and the managed device. Open on devices you want to discover via WinAPI and on CIFS servers you want to store third-party images on. |
| ICMP | Open on devices you want to discover. Used to determine if a device exists on the network so that it can be further interrogated. Communication is between the Primary Server or WinProxy and the device you want to discover. |
| Agent Management Port (TCP 7628) | Open on managed devices. Used to send quick tasks to the managed device. Communication is between the Primary Server and the Agent. |
| Wake-On-LAN Port (UDP 1761) | Used to forward subnet-oriented broadcast magic packets for Wake-On-LAN. |
| Remote Management Proxy Port (5750) | Used by the remote management proxy to listen for the incoming remote management requests from the remote management viewer. |

A more comprehensive version of this table is found in Section D.4, Extended Port Chart Including Port Usage.
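As an added example (not part of the ZENworks documentation), the following script compares the listening sockets on a Primary Server with the Primary Server entries in Table 3-3, so that firewall rules can be reviewed against what is actually exposed. It assumes a Linux Primary Server and the output of `ss -H -tuln`; the function names and the sample output are constructed for illustration.

```python
# Added example: audit listening sockets against the Primary Server
# ports in Table 3-3. Names and sample data are illustrative assumptions.

# Ports the table lists as open on the Primary Server.
REQUIRED = {("tcp", 80), ("tcp", 443), ("tcp", 2645), ("tcp", 998),
            ("udp", 69), ("udp", 13331)}
# Proxy DHCP answers on UDP 67, or on UDP 4011 (BINL) when the host is
# also a DHCP server, so either one satisfies the requirement.
PROXY_DHCP = {("udp", 67), ("udp", 4011)}

# Constructed sample of `ss -H -tuln` output (not from a real server).
SAMPLE = """\
tcp   LISTEN 0      128     0.0.0.0:80       0.0.0.0:*
tcp   LISTEN 0      128     0.0.0.0:443      0.0.0.0:*
tcp   LISTEN 0      128        [::]:443         [::]:*
tcp   LISTEN 0      50      0.0.0.0:2645     0.0.0.0:*
tcp   LISTEN 0      128     0.0.0.0:2638     0.0.0.0:*
tcp   LISTEN 0      128     0.0.0.0:22       0.0.0.0:*
udp   UNCONN 0      0       0.0.0.0:69       0.0.0.0:*
udp   UNCONN 0      0       0.0.0.0:4011     0.0.0.0:*
"""

def parse_ss(output):
    """Return the set of (protocol, port) pairs found in ss output."""
    listeners = set()
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        # Local address is field 5; the port follows the last colon,
        # which also handles IPv6 forms such as [::]:443.
        port = fields[4].rsplit(":", 1)[-1]
        if port.isdigit():
            listeners.add((fields[0], int(port)))
    return listeners

def audit(output, extra_allowed=frozenset()):
    """Report documented ports not listening and undocumented listeners."""
    seen = parse_ss(output)
    return {
        "missing": sorted(REQUIRED - seen),
        "proxy_dhcp": bool(seen & PROXY_DHCP),
        "unexpected": sorted(seen - REQUIRED - PROXY_DHCP - set(extra_allowed)),
    }

if __name__ == "__main__":
    # SSH is allowed here as a site-specific assumption.
    print(audit(SAMPLE, extra_allowed={("tcp", 22)}))
```

In the sample, TCP 2638 is reported as unexpected because the table lists the Sybase port on the Database Server; pass it in `extra_allowed` when the Primary Server hosts the internal database.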